U.S. Government Plans Move to Secure Power Grid from Cyberattacks with “Retro” Technologies
After a series of attempts by foreign actors to perform cyberattacks on critical national infrastructure (CNI), the U.S. Government has made a somewhat-surprising announcement; they fully intend on moving to secure power grids by using “retro” technologies.
This move was confirmed in a press release issued in late June, where the U.S. Senate passed the Securing Energy Infrastructure Act (SEIA), a bipartisan bill introduced by U.S. Senators Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission, and Jim Risch (R-Idaho). Both Senators are members of the Senate Intelligence Committee and the Senate Committee on Energy and Natural Resources (ENR).
The press release explained how the legislation will defend the U.S. energy grid by partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.
The main issue that lies at hand is that when these systems were built, security was not a main concern, since they were originally never meant to be connected to the internet.
Instead of cultivating new skills and producing new technologies to counter such threats and secure any future issues, the U.S. will utilize analog and manual technology in order to isolate the most important control systems belonging to the grid. This should limit the possibilities of a catastrophic outage, according to the U.S. Government. In fact, this approach would make it greatly difficult for even the most advanced cyber-criminals to access the grid, since they would have to be in the physical presence of the equipment to cause any real harm.
“As our world grows more and more connected, we have before us both new opportunities and new threats,” said Senator King. “Our connectivity is a strength that, if left unprotected, can be exploited as a weakness. This bill takes vital steps to improve our defenses, so the energy grid that powers our lives is not open to devastating attacks launched from across the globe. It’s bipartisan, it’s commonsense, and it’s necessary – I’m glad that the Senate has advanced this important legislation.”
According to Senators King and Risch, SEIA was inspired by the 2015 Russian attack on Ukraine’s power grid which left the country without power. “The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid,” Senators King and Risch said.
The Stuxnet worm is one infamous example of an attack on similar critical infrastructure that was discovered 10 years ago after it caused substantial damage to an Iranian nuclear facility. The result of the cyber-assault was a toolkit designed to specifically target the supervisory control and data acquisition (SCADA) systems that power critical infrastructure.
Indeed, these types of threats are a reoccurring phenomenon. According to an April Ponemon Institute report, 90% of critical infrastructure providers say their IT/OT environment has been damaged by a cyberattack over the past two years.
In mid-June, The New York times reported that the United States is stepping up digital incursions into Russia’s electric power grid. The move was to be recognized as a warning to the Russian president Vladimir Putin, showing that President Trump is not afraid to deploy cyber tools in a more aggressive manner.
It cannot be argued that Russia is indeed one of the most accomplished nations in the world in its ability to perform state-sponsored attacks, disinformation and espionage. China, North Korea and Iran also have dedicated cyber arsenals that are of increasing threat to the West.
Is SEIA A good idea?
According to some experts, disconnecting from the internet is a good idea because manual operations offer more control and lower the risk. However, other experts, such as Nigel Stanley, CTO at TUV Rheinland, think otherwise. Stanley stresses that most industrial control systems have some form of manual over-ride or redundancy in the event of failure. “The problem is that this is costly in terms of manpower and requires access to suitably qualified and experienced staff to take over the system if it fails.”
Homeland Security Research Corp. (HSRC) recently published their latest report, Critical Infrastructure Protection Market– 2019-2025. This 1123-page market report is the most comprehensive review of the global CIP market available today. The objective of this report is to provide today’s strategic decision-makers with an expert 360-degree, time-sensitive, detailed view of this interconnected market.
The report elaborates on how in upcoming years, the Critical Infrastructure Protection (CIP) market and industry are forecast to go through major technology shifts; it is expected to reach $106 billion in 2025. New and maturing technologies, such as Artificial Intelligence, Smart Fences, Big Data & Data Analysis, AI based people identification, Smart Checkpoints, Advanced Cybersecurity and Nano Sensors will create new market segments and fresh business opportunities.
This market report, which consists of 3 volumes, presents a thorough analysis of 5 vertical, 5 technology, 5 regional, 5 revenue sources and 43 national markets, detailing 232 relevant 2018-2025 submarkets.
Questions answered in this report include:
- What is the CIP market size and what are the trends of 232 submarkets during 2018-2025?
- What are the CIP submarkets that provide attractive business opportunities?
- Who are the decision-makers?
- What drives the customers to purchase CIP solutions and services?
- What are the CIP customers looking for?
- What are the CIP technology & services trends?
- What are the 10 Vertical and Technology markets SWOTs (Strengths, Weaknesses, Opportunities and Threats)?
About Homeland Security Research Corp. (HSRC)
Homeland Security Research Corp. (HSRC) is an international market and technology research firm specializing in the Homeland Security (HLS) & Public Safety (PS) industry. HSRC provides premium off-the-shelf and customized market reports on present and emerging technologies and industry expertise, enabling global clients to gain time-critical insight into business opportunities. HSRC’s clients include the U.S. Congress, DHS, U.S. Army, U.S. Navy, DOD, DOT, GAO, NATO and EU, among others; as well as government agencies in Japan, Korea, Taiwan, Israel, Canada, UK, Germany, Australia, Sweden, Finland, Singapore. With over 950 private sector clients (73% returning), including major defense and security contractors and Fortune 2000 companies, HSRC earned the reputation as the industry’s Gold Standard for HLS & PS market reports.
For more information, contact Naomi Sapir:
naomi@homelandsecurityresearch.com